software-manual
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development and documentation tools via the shell, including `npm`, `pip`, `npx`, `typedoc`, and `pdoc`. It also starts the local development server (e.g., `npm run dev`) to facilitate automated screenshot capture via Chrome MCP, which is consistent with its primary purpose.
- [EXTERNAL_DOWNLOADS]: The skill fetches essential front-end libraries such as `marked.js`, `highlight.js`, and `mermaid.js` from well-known technology CDNs (unpkg.com and jsdelivr.net) to provide offline functionality for the generated manuals. These sources are considered trusted repositories for static assets.
- [DYNAMIC_EXECUTION]: The API extraction script (`extract_apis.py`) utilizes dynamic module loading (e.g., `sys.path.insert` and `import`) to access the application's configuration and OpenAPI schema. This is a functional requirement for generating documentation for frameworks like FastAPI and is limited to the project directory provided by the user.
- [DATA_EXFILTRATION]: No unauthorized data transmission was identified. While the skill reads project metadata (e.g., `package.json`) and source code to build the manual, the data is processed locally to produce the final HTML deliverable.
- [PROMPT_INJECTION]: The skill employs structured prompts to coordinate sub-agents (e.g., `universal-executor`, `cli-explore-agent`) for specific technical tasks. No patterns indicating attempts to bypass safety filters or override system instructions were found.
Audit Metadata